DEC-11-2005 08:57 VANLEEUWEN VANLEEUWEN 512 301 6742 P. 05

PATENT

B. AMENDMENTS TO THE CLAIMS 

1. (Currently Amended) A computer-implemented method for
securing data, said method comprising:

receiving, at a security module, a first password
corresponding to a software application;

generating, at the security module, a first mask value
based on the first password;

combining, at the security module, the first mask value
with a first encryption key, wherein the first encryption
key is derived from a generated key and a known value, the
combining resulting in a tied key;

encrypting, at the security module, the tied key using a
second encryption key that is associated with the security
module, the encrypting resulting in an encrypted tied key;

returning the encrypted tied key to the software
application;

determining, at the software application, that the
encrypted tied key corresponds to the security module;

in response to the determining, sending the encrypted tied
key and a second password from the software application to
the security module over a computer network, the second
password being the same as the first password;

receiving, at the security module, the encrypted tied key
and the second password from the software application;

in response to receiving the encrypted tied key and the
second password, combining, at the security module, the
encrypted tied key and the second key, the combining
resulting in a recovered tied key;

[[receiving a second password corresponding to the software
application;]]

generating a second mask value based on the second
password;

separating a recovered encryption key from the recovered
tied key using the second mask value, the recovered
encryption key including a recovered generated key and a
recovered known value; and

encrypting data provided by the software application using
the recovered generated key.

2. (Canceled) 

3. (Canceled) 

4. (Canceled) 

5. (Canceled) 

6. (Currently Amended) The computer-implemented method as
described in claim 1 further comprising:

determining whether the recovered known value is correct;
and

processing a data file based on the determination.

7. (Currently Amended) The computer-implemented method as
described in claim 6 wherein the processing is selected
from the group consisting of encrypting the data file using
the recovered generated key and decrypting the data file
using the recovered generated key.

8. (Currently Amended) An information handling system
comprising:

one or more processors;

a memory accessible by the processors;

one or more nonvolatile storage devices accessible by the
processors;

a hardware security module accessible by the processors;

a data security tool for securing data using the hardware
security module, the data security tool including:

means for receiving, at a security module, a first password
corresponding to a software application;

means for generating, at the security module, a first mask
value based on the first password using the hardware
security module;

means for combining, at the security module, the first mask
value with a first encryption key using the hardware
security module, wherein the first encryption key is
derived from a generated key and a known value, the
combining resulting in a tied key;

means for encrypting, at the security module, the tied key
using a second encryption key that is associated with the
security module, the encrypting resulting in an encrypted
tied key;

means for returning the encrypted tied key to the software
application;

means for determining, at the software application, that
the encrypted tied key corresponds to the security module;

in response to the determining, sending the encrypted tied
key and a second password from the software application to
the security module, the second password being the same as
the first password;

means for receiving, at the security module, the encrypted
tied key and the second password from the software
application;

means for, in response to receiving the encrypted tied key
and the second password, combining, at the security module,
the encrypted tied key and the second key, the combining
resulting in a recovered tied key;

[[means for receiving a second password corresponding to the
software application;]]

means for generating a second mask value based on the
second password using the hardware security module;

means for separating a recovered encryption key from the
recovered tied key using the second mask value, the
recovered encryption key including a recovered generated
key and a recovered known value; and

means for encrypting data provided by the software
application using the recovered generated key.

9. (Canceled) 

10. (Canceled) 

11. (Canceled) 

12. (Canceled) 

13. (Original) The information handling system as described in 
claim 12 wherein the means for processing is selected from 
the group consisting of a means for encrypting the data 
file using the recovered generated key and a means for 
decrypting the data file using the recovered generated key. 

14. (Currently Amended) A computer program product stored in a
computer operable media for securing data, said computer
program product comprising:

means for receiving, at a security module, a first password
corresponding to a software application;

means for generating, at the security module, a first mask
value based on the first password using the hardware
security module;

means for combining, at the security module, the first mask
value with a first encryption key using the hardware
security module, wherein the first encryption key is
derived from a generated key and a known value, the
combining resulting in a tied key;

means for encrypting, at the security module, the tied key
using a second encryption key that is associated with the
security module, the encrypting resulting in an encrypted
tied key;

means for returning the encrypted tied key to the software
application;

means for determining, at the software application, that
the encrypted tied key corresponds to the security module;

in response to the determining, sending the encrypted tied
key and a second password from the software application to
the security module, the second password being the same as
the first password;

means for receiving, at the security module, the encrypted
tied key and the second password from the software
application;

means for, in response to receiving the encrypted tied key
and the second password, combining, at the security module,
the encrypted tied key and the second key, the combining
resulting in a recovered tied key;

[[means for receiving a second password corresponding to the
software application;]]

means for generating a second mask value based on the
second password using the hardware security module;

means for separating a recovered encryption key from the
recovered tied key using the second mask value, the
recovered encryption key including a recovered generated
key and a recovered known value; and

means for encrypting data provided by the software
application using the recovered generated key.

15. (Canceled) 

16. (Canceled) 

17. (Canceled) 

18. (Canceled) 

19. (Original) The computer program product as described in
claim 14 further comprising:

means for determining whether the recovered known value is
correct; and

means for processing a data file corresponding to the
determination.

20. (Original) The computer program product as described in 
claim 19 wherein the means for processing is selected from 
the group consisting of a means for encrypting the data 
file using the recovered generated key and a means for 
decrypting the data file using the recovered generated key. 

21. (New) The method of claim 1 wherein the security module is 
a separate hardware security module in a computer system. 

22. (New) The method of claim 1 wherein the generated key is at
a level of security corresponding to a sensitivity level of 
the data being encrypted. 

23. (New) The method of claim 1 wherein encrypting the data is
performed within the security module.

24. (New) The information handling system of claim 8 wherein 
the security module is a separate hardware security module 
in a computer system. 

25. (New) The information handling system of claim 8 wherein 
the generated key is at a level of security corresponding 
to a sensitivity level of the data being encrypted. 

26. (New) The information handling system of claim 8 wherein 
encrypting the data is performed within the security 
module. 

27. (New) The computer program product of claim 14 wherein the 
security module is a separate hardware security module in a 
computer system. 

28. (New) The computer program product of claim 14 wherein the 
generated key is at a level of security corresponding to a 
sensitivity level of the data being encrypted. 

29. (New) The computer program product of claim 14 wherein 
encrypting the data is performed within the security 
module.
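
The key-tying flow recited in claims 1 and 6, as an added Python sketch that is not part of the filing. The claims do not fix the algorithms, so the PBKDF2 mask, the XOR combining step, the HMAC-SHA256 keystream standing in for the module's cipher, and all names and constants are assumptions.

```python
import hashlib
import hmac
import os

KEY_LEN = 32
KNOWN_VALUE = b"KNOWN-VALUE-0001"     # constructed known value (assumption)
MASK_SALT = b"constructed-mask-salt"  # constructed; the claims name no salt

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def mask_from_password(password: bytes, length: int) -> bytes:
    # Assumption: the claims only say the mask is "based on" the password.
    return hashlib.pbkdf2_hmac("sha256", password, MASK_SALT, 100_000, dklen=length)

def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Stand-in for the module's cipher: HMAC-SHA256 in counter mode.
    blocks = (length + 31) // 32
    return b"".join(
        hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        for i in range(blocks)
    )[:length]

class SecurityModule:
    """Hypothetical model of the claimed security module."""

    def __init__(self) -> None:
        self._module_key = os.urandom(32)  # "second encryption key", stays inside

    def create_tied_key(self, password: bytes) -> bytes:
        first_key = os.urandom(KEY_LEN) + KNOWN_VALUE  # generated key + known value
        tied = xor(first_key, mask_from_password(password, len(first_key)))
        nonce = os.urandom(16)
        # Encrypted tied key returned to the application: nonce || ciphertext.
        return nonce + xor(tied, keystream(self._module_key, nonce, len(tied)))

    def recover_generated_key(self, encrypted_tied_key: bytes, password: bytes):
        nonce, body = encrypted_tied_key[:16], encrypted_tied_key[16:]
        tied = xor(body, keystream(self._module_key, nonce, len(body)))
        first_key = xor(tied, mask_from_password(password, len(tied)))
        generated, known = first_key[:KEY_LEN], first_key[KEY_LEN:]
        # Claim 6: a wrong password or another module's blob corrupts the known value.
        return generated if hmac.compare_digest(known, KNOWN_VALUE) else None
```

Because the stand-in wrapping is an unauthenticated stream cipher, the known-value check catches a wrong password or a foreign blob but not bit flips confined to the generated-key bytes. An authenticated key-wrap mode would close that gap.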